Added another test acceptance for encrypted EFS

nbaztec · Aug 17, 2017 · 8e2bd48 · 8e2bd48
1 parent f58f8ea
commit 8e2bd48
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 26 deletions.
diff --git a/aws/resource_aws_efs_file_system.go b/aws/resource_aws_efs_file_system.go
@@ -1,6 +1,7 @@
 package aws
 
 import (
+	"errors"
 	"fmt"
 	"log"
 	"time"
@@ -91,15 +92,19 @@ func resourceAwsEfsFileSystemCreate(d *schema.ResourceData, meta interface{}) er
 		createOpts.PerformanceMode = aws.String(v.(string))
 	}
 
-	if v, ok := d.GetOk("encrypted"); ok {
-		createOpts.Encrypted = aws.Bool(v.(bool))
+	encrypted, hasEncrypted := d.GetOk("encrypted")
+	kmsKeyId, hasKmsKeyId := d.GetOk("kms_key_id")
+
+	if hasEncrypted {
+		createOpts.Encrypted = aws.Bool(encrypted.(bool))
 	}
 
-	if v, ok := d.GetOk("kms_key_id"); ok {
-		createOpts.KmsKeyId = aws.String(v.(string))
-		if !aws.BoolValue(createOpts.Encrypted) {
-			return fmt.Errorf("[ERROR] encrypted must be set to true when kms_key_id is specified")
-		}
+	if hasKmsKeyId {
+		createOpts.KmsKeyId = aws.String(kmsKeyId.(string))
+	}
+
+	if encrypted == false && hasKmsKeyId {
+		return errors.New("encrypted must be set to true when kms_key_id is specified")
 	}
 
 	log.Printf("[DEBUG] EFS file system create options: %#v", *createOpts)

diff --git a/aws/resource_aws_efs_file_system_test.go b/aws/resource_aws_efs_file_system_test.go
@@ -171,7 +171,7 @@ func TestAccAWSEFSFileSystem_pagedTags(t *testing.T) {
 	})
 }
 
-func TestAccAWSEFSFileSystem_KmsKey(t *testing.T) {
+func TestAccAWSEFSFileSystem_kmsKey(t *testing.T) {
 	rInt := acctest.RandInt()
 	keyRegex := regexp.MustCompile("^arn:aws:([a-zA-Z0-9\\-])+:([a-z]{2}-[a-z]+-\\d{1})?:(\\d{12})?:(.*)$")
 	resource.Test(t, resource.TestCase{
@@ -182,22 +182,30 @@ func TestAccAWSEFSFileSystem_KmsKey(t *testing.T) {
 			{
 				Config: testAccAWSEFSFileSystemConfigWithKmsKey(rInt),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestMatchResourceAttr(
-						"aws_efs_file_system.foo-with-kms",
-						"kms_key_id",
-						keyRegex,
-					),
-					resource.TestCheckResourceAttr(
-						"aws_efs_file_system.foo-with-kms",
-						"encrypted",
-						"true",
-					),
+					resource.TestMatchResourceAttr("aws_efs_file_system.foo-with-kms", "kms_key_id", keyRegex),
+					resource.TestCheckResourceAttr("aws_efs_file_system.foo-with-kms", "encrypted", "true"),
 				),
 			},
 		},
 	})
 }
 
+func TestAccAWSEFSFileSystem_kmsConfigurationWithoutEncryption(t *testing.T) {
+	rInt := acctest.RandInt()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckEfsFileSystemDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccAWSEFSFileSystemConfigWithKmsKeyNoEncryption(rInt),
+				ExpectError: regexp.MustCompile(`encrypted must be set to true when kms_key_id is specified`),
+			},
+		},
+	})
+}
+
 func testAccCheckEfsFileSystemDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).efsconn
 	for _, rs := range s.RootModule().Resources {
@@ -382,13 +390,26 @@ resource "aws_efs_file_system" "foo-with-performance-mode" {
 
 func testAccAWSEFSFileSystemConfigWithKmsKey(rInt int) string {
 	return fmt.Sprintf(`
-	resource "aws_kms_key" "foo" {
-		description = "Terraform acc test %d"
-	}
+resource "aws_kms_key" "foo" {
+  description = "Terraform acc test %d"
+}
 
-	resource "aws_efs_file_system" "foo-with-kms" {
-		encrypted = true
-		kms_key_id = "${aws_kms_key.foo.arn}"
-	}
-	`, rInt)
+resource "aws_efs_file_system" "foo-with-kms" {
+  encrypted = true
+  kms_key_id = "${aws_kms_key.foo.arn}"
+}
+`, rInt)
+}
+
+func testAccAWSEFSFileSystemConfigWithKmsKeyNoEncryption(rInt int) string {
+	return fmt.Sprintf(`
+resource "aws_kms_key" "foo" {
+  description = "Terraform acc test %d"
+}
+
+resource "aws_efs_file_system" "foo-with-kms" {
+  encrypted = false
+  kms_key_id = "${aws_kms_key.foo.arn}"
+}
+`, rInt)
 }